1. Ubuntu Security Notices
  2. USN-8406-1

USN-8406-1: Net::CIDR::Lite vulnerabilities

Publication date

8 June 2026

Overview

Several security issues were fixed in Net::CIDR::Lite.

Releases

Packages

Details

Dave Rolsky discovered that Net::CIDR::Lite did not properly handle
extraneous zero characters at the beginning of an IP address string. A
remote attacker could possibly use this issue to bypass access controls
that are based on IP addresses. This issue only affected Ubuntu 16.04 LTS
and Ubuntu 18.04 LTS. (CVE-2021-47154)

It was discovered that Net::CIDR::Lite did not properly validate the IPv6
group count when handling uncompressed IPv6 addresses. A remote attacker
could possibly use this issue to bypass access controls. (CVE-2026-40198)

It was discovered that Net::CIDR::Lite mishandled IPv4 mapped IPv6
addresses. A remote attacker could possibly use this issue to bypass access
controls that are based on IP addresses. (CVE-2026-40199)

Dave Rolsky discovered that Net::CIDR::Lite did not properly handle
extraneous zero characters at the beginning of an IP address string. A
remote attacker could possibly use this issue to bypass access controls
that are based on IP addresses. This issue only affected Ubuntu 16.04 LTS
and Ubuntu 18.04 LTS. (CVE-2021-47154)

It was discovered that Net::CIDR::Lite did not properly validate the IPv6
group count when handling uncompressed IPv6 addresses. A remote attacker
could possibly use this issue to bypass access controls. (CVE-2026-40198)

It was discovered that Net::CIDR::Lite mishandled IPv4 mapped IPv6
addresses. A remote attacker could possibly use this issue to bypass access
controls that are based on IP addresses. (CVE-2026-40199)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
26.04 LTS resolute libnet-cidr-lite-perl –  0.22-2ubuntu0.26.04.1
25.10 questing libnet-cidr-lite-perl –  0.22-2ubuntu0.25.10.1
24.04 LTS noble libnet-cidr-lite-perl –  0.22-2ubuntu0.24.04.1
22.04 LTS jammy libnet-cidr-lite-perl –  0.22-1ubuntu0.1
20.04 LTS focal libnet-cidr-lite-perl –  0.21-2ubuntu0.1+esm1  
18.04 LTS bionic libnet-cidr-lite-perl –  0.21-1ubuntu0.18.04.1~esm1  
16.04 LTS xenial libnet-cidr-lite-perl –  0.21-1ubuntu0.16.04.1~esm1

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›